diff --git a/README.md b/README.md index 8c529a4b..53eb843f 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,12 @@ cd wolfcrypt-py USE_LOCAL_WOLFSSL=/usr/local pip3 install . ``` +2. Key algorithm mismatch: + +The error `Key algorithm mismatch. Remove old keys via 'make distclean'` indicates the current `.config` `SIGN` algorithm does not match what is in the generated `src/keystore.c` file. +Use `make keysclean` or `make distclean` to delete keys and regenerate. + + ## Release Notes ### v1.0 (2018-12-04) diff --git a/docs/Targets.md b/docs/Targets.md index 94b42cae..5803a8c7 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -1096,6 +1096,15 @@ Flash Layout (with files): Or program the `factory.bin` to `0xE8080000` +Example Boot Debug Output: + +``` +wolfBoot Init +Part: Active 0, Address E8080000 +Part: Size 1028 +Firmware Valid +Loading 1028 bytes to RAM at 19000 +``` #### Flash Programming with Lauterbach diff --git a/include/user_settings.h b/include/user_settings.h index a85d4949..f5f2b9a9 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -64,13 +64,13 @@ #endif /* ECC and SHA256 */ -#if defined (WOLFBOOT_SIGN_ECC256) ||\ - defined (WOLFBOOT_SIGN_ECC384) ||\ - defined (WOLFBOOT_SIGN_ECC521) +#if defined(WOLFBOOT_SIGN_ECC256) ||\ + defined(WOLFBOOT_SIGN_ECC384) ||\ + defined(WOLFBOOT_SIGN_ECC521) + # define HAVE_ECC # define ECC_TIMING_RESISTANT - - +# define ECC_USER_CURVES /* enables only 256-bit by default */ /* Kinetis LTC support */ # ifdef FREESCALE_USE_LTC @@ -102,25 +102,25 @@ # define NO_ECC_KEY_EXPORT /* Curve */ -# define NO_ECC192 -# define NO_ECC224 #ifdef WOLFBOOT_SIGN_ECC256 # define HAVE_ECC256 # define FP_MAX_BITS (256 + 32) -# define NO_ECC384 -# define NO_ECC521 -#elif defined WOLFBOOT_SIGN_ECC384 +#elif defined(WOLFBOOT_SIGN_ECC384) # define HAVE_ECC384 -# define FP_MAX_BITS (1024 + 32) -# define WOLFSSL_SP_384 -# define WOLFSSL_SP_NO_256 +# define FP_MAX_BITS (384 * 2) +# ifndef USE_FAST_MATH +# define WOLFSSL_SP_384 +# define WOLFSSL_SP_NO_256 +# endif # define NO_ECC256 -# define NO_ECC521 -#elif defined WOLFBOOT_SIGN_ECC521 +#elif defined(WOLFBOOT_SIGN_ECC521) # define HAVE_ECC521 -# define FP_MAX_BITS (544 + 32) +# define FP_MAX_BITS (528 * 2) +# ifndef USE_FAST_MATH +# define WOLFSSL_SP_521 +# define WOLFSSL_SP_NO_256 +# endif # define NO_ECC256 -# define NO_ECC384 #endif # define NO_RSA diff --git a/options.mk b/options.mk index 2cee0d59..b0c144b3 100644 --- a/options.mk +++ b/options.mk @@ -9,7 +9,12 @@ endif ifeq ($(SIGN),NONE) SIGN_OPTIONS+=--no-sign - STACK_USAGE=1216 + ifeq ($(HASH),SHA384) + STACK_USAGE=3760 + else + STACK_USAGE=1216 + endif + CFLAGS+=-DWOLFBOOT_NO_SIGN endif diff --git a/tools/test.mk b/tools/test.mk index 0c5e20a8..c0bd6543 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -885,25 +885,25 @@ test-size-all: make keysclean make test-size SIGN=ED25519 LIMIT=11308 make keysclean - make test-size SIGN=ECC256 LIMIT=22158 + make test-size SIGN=ECC256 LIMIT=22162 make keysclean - make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13592 + make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13594 make keysclean - make test-size SIGN=RSA2048 LIMIT=11086 + make test-size SIGN=RSA2048 LIMIT=11090 make keysclean - make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11058 + make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11062 make keysclean - make test-size SIGN=RSA4096 LIMIT=11446 + make test-size SIGN=RSA4096 LIMIT=11450 make keysclean - make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11366 + make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11370 make keysclean - make test-size SIGN=ECC384 LIMIT=17492 + make test-size SIGN=ECC384 LIMIT=17500 make keysclean - make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15028 + make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15032 make keysclean - make test-size SIGN=ED448 LIMIT=13334 + make test-size SIGN=ED448 LIMIT=13342 make keysclean - make test-size SIGN=RSA3072 LIMIT=11286 + make test-size SIGN=RSA3072 LIMIT=11290 make keysclean - make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11158 + make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11162 make keysclean